The ISO 27001 & ISO 22301 Blog

How to learn about ISO 27001 and BS 25999-2

Training is certainly one of the best ways to facilitate your ISO 27001 and BS 25999-2 implementation. As there are more and more types of courses available, I’ll try to explain their benefits and the differences between them.

First comes the list of in-person courses – these courses are still prevalent, but steadily losing share in favour of online courses (explained at the end of this article).

ISO 27001 or BS 25999-2 Lead Auditor Course

This is the most popular course for either ISO 27001 or BS 25999-2 – it lasts 5 days, and finishes with a written exam. The exam is quite difficult, so one could consider that this is the top course for those two standards. If you do pass the exam, you can become an auditor for a certification body, but that is not its main benefit – it is the most useful for professionals implementing the standards because it gives an excellent overview of the standards and provides in-depth explanations of what the certification auditors will ask for at the certification audit. Therefore, it is useful for both auditors and implementers.

The target audience for this course is professionals with moderate or significant experience in information security, business continuity, auditing or IT. You should choose only accredited courses (e.g. by IRCA – www.irca.org).

ISO 27001 or BS 25999-2 Lead Implementer Course

This course is somewhat similar to, but not as popular as, the ISO 27001 or BS 25999-2 Lead Auditor Course. The difference is that it focuses on implementation techniques rather than auditing techniques – therefore, if certification is not your concern, you may find this course more suitable.

Here the target audience is similar – professionals with moderate or significant experience in information security, business continuity or IT.

ISO 27001 or BS 25999-2 Internal Auditor Course

This course is a “light” version of the ISO 27001 or BS 25999-2 Lead Auditor Course – it usually lasts 2 or 3 days, may or may not include an exam, and its content is a condensed version of the Lead Auditor Course. The main difference is that with this course you cannot pursue a career as an auditor in a certification body; however, if you want a systematic introduction to the world of ISO 27001 or BS 25999-2, or you plan to be an internal auditor in your company, this course is the right choice for you.

The target audience is professionals with little or moderate experience in information security, business continuity or IT.

ISO 27001 or BS 25999-2 Foundation Course / Introduction Course

These courses usually last for one or two days – their purpose is not to teach you auditing or implementation techniques, but to give you an overview of the requirements and implementation issues. If you don’t have a lot of time to spare and you want to know what your company will be experiencing during implementation, do think about one of these courses.

The target audience is members of management, or professionals with no experience in information security or business continuity.

Other information security / business continuity courses

You may have heard of Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) – although I consider these courses very useful for your information security or business continuity career, they are not directly relevant to ISO 27001 or BS 25999-2. Therefore, you should attend CISA, CISM and/or CISSP after you complete courses directly related to the two standards.

Online courses

In addition to the above-mentioned in-person courses, online courses (either in the form of e-learning or live webinars) are becoming increasingly popular, partly because of the lower costs – no travelling expenses, no time lost away from the office. There are more and more vendors on the Internet offering more and more quality content (including our 27001Academy) – you can find courses lasting from 1 hour (e.g. free webinars) to a few weeks (e.g. e-learning courses).

The main benefit of online courses is that you can receive more relevant knowledge in a shorter period of time and for less money, although the question of the real effectiveness of such courses still remains unanswered.

But, regardless of which form or type of course you take, be sure about one thing – the return on investment will show very quickly.